andreasengel.com
Handling Open Web Application Security
As market dynamics change, digital business is quickly becoming the method of choice for any enterprise to offer products and services on demand to its market, applying next-generation information infrastructures with AJAX as an ideal partner to complement modern SOA architectures.
But moving applications to the Web also raises many questions about how to deal with security issues. OWASP is an open project and a community that helps people make informed decisions about Web application security risks. In 2007 the most serious web application vulnerabilities (as PDF) were:
- Cross Site Scripting (XSS)
- Injection Flaws
- Malicious File Execution
- Insecure Direct Object Reference
- Cross Site Request Forgery (CSRF)
- Information Leakage and Improper Error Handling
- Broken Authentication and Session Management
- Insecure Cryptographic Storage
- Insecure Communications
- Failure to Restrict URL Access
For the most prevalent Web application frameworks, and especially for open source development, where open source software has become the most prominent face of open source, the OWASP project is an excellent resource for staying informed and making decisions about application security.
The project also provides a comprehensive guide to building secure Web applications and Web services, as well as many recommendations for project managers, application owners and, of course, C-level executives.
Labels: ajax, bizdev, security, soa, web2.0
Into the Air with AJAX
From Wikipedia:
'This aerobatic team is split into "the Diamond" (Blue Angels 1 through 4) and the Opposing Solos (Blue Angels 5 and 6). Most of their displays alternate between maneuvers performed by the Diamond and those performed by the Solos'.
Check out the new Google AJAX Search API Wizards: they are easy to integrate and a fast way to search several Google videos, maps, news and books, and they allow mash ups and better participation in current communications.
Labels: ajax, mashup, search, strategy, videos
Custom Search Module for AJAX Libraries and Toolkits
Having a passion for AJAX, I did a bit of research on AJAX libraries and toolkits, mostly based on free OpenSource technology, and updated my Custom AJAX Search Engine to extract information quickly with precision.
AJAX is based on open standards like JavaScript, HTML, CSS, DOM and DOM Events, XMLHttpRequest, XML and SVG, which are highly available in most modern Web browsers and compatible with existing Web development technologies, allowing a smooth transition to next-generation Web apps with a strong ROI.
Currently it searches more than 30 top libraries and toolkits:

Developing rich user experiences with RIA technologies such as AJAX makes Web-based applications respond quickly and intuitively, like a typical desktop application. Instead of reloading a page as in the old click-wait-refresh model, the AJAX application stays on a page continuously while the AJAX engine handles data exchange with the server.
Building the case, AJAX Web applications provide enormous advantages compared to conventional Web applications: they avoid slow response times and scrolling after the page has reloaded, and thus improve end-user productivity, lower bandwidth consumption and costs through partial page updates, and reduce the time to wait for the next page.
Applied to eCommerce systems, AJAX even increases revenues, making new applications easy and intuitive and reducing the amount of friction for end-users.
Labels: ajax, google, mashup, opensource, web2.0
Web 2.0 Aftermath
As the costs of Web server hardware and Internet bandwidth continue to drop, setting up database-backed websites using advanced toolkits such as the innovative Ruby on Rails and AJAX interfaces has become a lot easier than it was a few years ago.
An active creator today can enhance brand visibility and credibility, achieve customer intimacy or just simplify the process of finding the latest information about new products and services, allowing visitors to subscribe to blogs via RSS and be notified when something new is posted.
Characteristics of today's Web 2.0 architecture allow better communications and data exchange, resulting in improved social networking technologies, service orientation and cinematic user interfaces based on AJAX and Flash, complementing modern SOAs.
Most websites have just started to apply, or do not yet apply, Web 2.0 characteristics, but many people already talk about what comes after Web 2.0. It's pure speculation, but I think that future disruptive services will further leverage human intelligence, applying technologies such as the Semantic Web and FOAF, which will enrich today's Web technologies but also raise privacy concerns.
Labels: ajax, bizdev, FOAF, rails, Semantic Web, web2.0
Trendy: Mobility and Cross-Platform Capabilities in 2007
Anytime, anywhere access to any multimedia services is in progress and addresses current trends in the telecommunications sector. Today's cellphones converge more and more into hybrids combining voice-centric and data-centric services.
IP and IP-based products and services with a focus on new user-centric broadband services are already transforming, and will continue to transform, information and communications products and services within the fastest moving market in the world today.
Intense competition, exploding multimedia content, new devices and IP-based networks make it necessary to create seamless services that meet the needs of targeted customer segments.
Superior and clever presentation layers in terms of quality, cross-platform capabilities, video, audio, and probably also offline storage (AMASS) will be a requirement to leverage these trends.
Labels: ajax, bizdev, flash, trend
Creating Customized Applications via Mash Ups
These days it's trendy to collaborate and share data and information over the Web. It seems to me like the Web has quickly morphed into a giant global operating system which allows remixing the Web via mash ups.
Over a period of nearly two years I posted more than 200 entries on my personal blog. The increasing number of posts made it necessary to apply new ways to look up existing entries and to extract information quickly with precision.
Applying the state-of-the-art Google AJAX Search API, this combination of Web-based applications across different sources offers a useful, cheap and easy way to create a customized application solving this issue.
I found it easy to integrate and a fast way to search several blog posts without leaving the site, and the quality of search results for my blog improved a lot applying the GblogSearch module. Reason enough to give the search box a prominent place on top of the page now.
Extracting information quickly with precision inspired me recently to create two customized search modules featuring AJAX and Video. I'm already thinking about leveraging a mash up including groupware and collaboration, information management, knowledge management, content management, work flows, multi-channel facilities and single sign-on. Mash ups put more power in the hands of end users.
Labels: ajax, apis, bizdev, google, mashup, search
Back in Black: CSS Rounded Corners
New applications let users combine data and functionality from a variety of sources into a custom environment blurring the line between software and the Internet using an architecture of participation.
AJAX is an ideal partner to design accessible, clean, fast and flexible interfaces for an infinite number of media and to complement modern SOA architectures.

Labels: ajax
Sketching Early Stage Designs with AJAX
During the early stage of a product or service I often create designs and mockups to visualize and communicate in an effective way, to define the use case, to deliver functional specifications or to code with the purpose to
- create new opportunities for self-expression and collaboration
- complement and compete in products and services
- leverage network effects and monetization
Addressing a user's demand, the number of required features, functions, tools and options of today's products and services is huge, and in times of AJAX, Flash and Rich Media it becomes even more important to make clients fundamentally understand why they are a good thing. I've already written a number of articles to explain the basics:
The use of AJAX, which has gained tremendous industry momentum through Google services like GMaps and GMail, provides a new user interaction model delivering highly interactive, desktop-like user experiences.
Building the case, AJAX Web applications provide enormous advantages compared to conventional Web applications: they avoid slow response times and scrolling after the page has reloaded, and thus improve end-user productivity, lower bandwidth consumption and costs through partial page updates, and reduce the time to wait for the next page.
Applied to eCommerce systems, AJAX even increases revenues, making new applications easy and intuitive and reducing the amount of friction for end-users.
AJAX is based on open standards like JavaScript, HTML, CSS, DOM and DOM Events, XMLHttpRequest, XML and SVG, which are highly available in most modern Web browsers and compatible with existing Web development technologies, allowing a smooth transition to next-generation Web interfaces with a strong ROI. It requires new ways of thinking and skills, including strategy, creative and technology, to help customers, clients, users, audiences and participants fundamentally understand the advantages.
Light-weight collaboration techniques, user-suggested tags and a bottom-up approach are just a few expressions to name in this context.
Labels: ajax
Ruby on Rails with TnT 2.0
The idea that people will pass on and share interesting and entertaining content can create a tremendous awareness of a product or service in the form of funny video clips, or interactive Flash games, images, and even text.
As products and experiences become more complicated or gain new capabilities, new technologies, disciplines and the hyper speed of today's platforms require new ways of thinking and skills, including strategy, creative and technology, helping customers, users, audiences and participants effectively use or experience these solutions.
TnT 2.0 - New Product & Service Development
Using a powerful Model-view-controller (MVC) software architecture and applying principles such as 'Don't repeat yourself' (DRY) and 'Convention Over Configuration', Ruby on Rails (RoR) is an excellent, hyper-productive framework to realize new ideas and help customers, users, audiences and participants effectively use or experience these solutions. Having the Prototype JavaScript Framework already in place, it's easy to develop and apply useful dynamic visual effects and user interface elements based on AJAX.
An active creator today can enhance brand visibility and credibility, achieve customer intimacy or just simplify the process of finding the latest information about new products and services, allowing visitors to subscribe to blogs via RSS and be notified when something new is posted.
For a passionate application developer, it takes one afternoon from initial installation to deploying the first application. Just follow these guidelines:
Labels: ajax, rails, tnt
AJAX Toolkits of course OpenSource

Developing rich user experiences with RIA technologies such as AJAX makes Web-based applications respond quickly and intuitively, like a typical desktop application. Instead of reloading a page as in the old click-wait-refresh model, the AJAX application stays on a page continuously while the AJAX engine handles data exchange with the server.
Building the case, AJAX Web applications provide enormous advantages compared to conventional Web applications: they avoid slow response times and scrolling after the page has reloaded, and thus improve end-user productivity, lower bandwidth consumption and costs through partial page updates, and reduce the time to wait for the next page.
Applied to eCommerce systems, AJAX even increases revenues, making new applications easy and intuitive and reducing the amount of friction for end-users.
My favorite OpenSource AJAX toolkits include DOJO, PROTOTYPE-based RICO and SCRIPT.ACULO.US, which supports Gucci and Apple Aperture. Another interesting framework is the upcoming OpenLaszlo project Legals, which is projected to be available by the end of the year 2006.
Ajax toolkits usually provide cross-platform and cross-browser independence and are compatible with existing Web development technologies, allowing a smooth transition to next-generation Web apps with a strong ROI.
Labels: ajax, opensource
AJAX Will Transform Web-based Applications Forever

The user trend has shifted towards digital media and an online lifestyle, with a rapid adoption of broadband that made it possible to move more and more applications to the Web, with technologies standing out through intuitive and natural user interaction that reduces the amount of friction for people to communicate, interact with and control personal media online.
The technology behind the recent success of Web-based applications, AJAX, provides a new user interaction model delivering highly interactive, desktop-like user experiences called RIAs, Rich Internet Applications. Instead of reloading a page, the Ajax application stays on a page continuously while the Ajax engine handles data exchange with the server.
AJAX is based on open standards like JavaScript, HTML, CSS, DOM and DOM Events, XMLHttpRequest, XML and SVG, which are highly available in most modern Web browsers and compatible with existing Web development technologies, allowing a smooth transition to next-generation Web apps with a strong ROI.
Labels: ajax